¶1. SUMMARY: Per ref tel, Post researched Austria's electronic
identity card (eID) system, the so-called "Citizen Card" (CC)
introduced starting in 2002 as part of a broader e-government plan
to give citizens secure online access to public services. For most
applications, the CC is a chip-based smart card with electronic
signature: Austrians typically use their health insurance card or
ATM card, rather than obtaining a separate government ID.
Authentication is through a personal identifier code (derived from a
unique citizen number in the Austrian Central Register) saved on the
card upon activation. The personal "source" PIN is then matched
with a "sector-specific" PIN for each transaction. Austria's eID
system is based on open-source standards to promote
interoperability, and can be used to authenticate private
transactions such as Internet banking. EU countries are working
towards cross-border compatibility under the STORK initiative; the
USG is welcome to take part as well, say GoA interlocutors. END
SUMMARY.

¶2. In 2002-2003, Austria was one of the first countries to introduce
an eID (the "CC") with electronic signature for citizens and
businesses to conduct e-Government transactions. In 2005, the
Chancellor's office established the "Digital Austria" platform to
promote secure electronic communication. An Embassy representative
spoke with Roland Ledinger (managing director of Digital Austria and
Head of the GoA Department for Information and Communication
Technology) and with Herbert Leitold, head of GoA Center for Secure
Information Technology-Austria (A-SIT), which manages technical
implementation of the eID system.

From Tax Declarations To Internet Banking


¶3. Introduced to facilitate e-Government transactions, Austria's CC
has been extended to cover business-to-business and
consumer-to-business applications as well. Ledinger said the eID's
key advantage over other "e-solutions" is that the user needs only
one credential for a broad range of transactions ("single sign-on")
rather than dozens of separate passwords or identifiers. For
individuals, the main e-Government applications are applying for
official documents such as passports and driver's licenses,
electronic delivery of official documents such as criminal records,
electronic submission of tax declarations, and processing of welfare
and education grants and refunds. Businesses use the eID system to
make electronic payments, participate in procurement tenders,
conduct customs/tax business, and so on. A new area is using eIDs
to authenticate internet banking.

¶4. The Austrian CC is not a unique card; rather it can be activated
on various existing smart cards, including the health insurance
"e-card" (almost all Austrians carry one), ATM cards (Maestro
network), and student ID cards. Activation and use of eIDs is via a
card reader and Internet connection, by downloading "citizen card
environment" software. In government and workplace computers, the
card reader is often integrated; otherwise, users often need to
purchase and connect the card reader, the largest barrier to using
the CC at home.


Authentication With Personal Source-PIN From Central Register


¶5. The CC "token" is the element which ensures unique
identification and authentication of the user and provides
cryptographic security. Upon activation, the token contains the
electronic signature and personal information ("identity link") of
the user (only the first name, last name, and date of birth of the
user are stored on the CC). For this purpose, a "sourcePIN" is
saved on the CC, which is an encrypted derivation of the user's
number in the Central Register of Residents. It is not used
directly for identification purposes; instead, another derivation of
this number (a "sector-specific personal identifier" or ssPIN) is
created for each transaction to avoid transmitting personal data.
34 different government "sectors" have been identified that provide
ssPINs. Each business which uses CC or provides CC services to
customers (such as major banks) also gets a separate ssPIN.
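
The derivation described above, as an added example that is not part of the original cable: a sector-specific identifier is computed one-way from the sourcePIN, so each sector stores an identifier that cannot be joined against another sector's records. The hash construction (SHA-256 over sector label and sourcePIN), the sector labels and the sample sourcePIN are assumptions for illustration; the cable does not specify the algorithm.

```python
import base64
import hashlib

# Constructed sample value, not a real sourcePIN.
SOURCE_PIN = "c29tZS1zYW1wbGUtc291cmNlUElO"


def derive_sspin(source_pin: str, sector: str) -> str:
    """Derive a sector-specific identifier (ssPIN) from the sourcePIN.

    Assumed construction: SHA-256 over a length-prefixed sector label and
    the sourcePIN, Base64-encoded. The length prefix keeps different
    (sector, sourcePIN) pairs from producing the same hash input.
    """
    if not source_pin or not sector:
        raise ValueError("source_pin and sector are both required")
    material = f"{len(sector)}:{sector}+{source_pin}".encode("utf-8")
    return base64.b64encode(hashlib.sha256(material).digest()).decode("ascii")


class SectorRegistry:
    """A relying party in one sector; it stores ssPINs, never the sourcePIN."""

    def __init__(self, sector: str):
        self.sector = sector
        self.known = set()

    def enroll(self, source_pin: str) -> str:
        # Derivation is done on the card holder's side; only the result is kept.
        sspin = derive_sspin(source_pin, self.sector)
        self.known.add(sspin)
        return sspin

    def recognises(self, sspin: str) -> bool:
        return sspin in self.known


def linkable(a: SectorRegistry, b: SectorRegistry) -> set:
    """Identifiers two sectors could join on if they pooled their records."""
    return a.known & b.known


if __name__ == "__main__":
    tax, health = SectorRegistry("TAX"), SectorRegistry("HEALTH")  # hypothetical sectors
    t, h = tax.enroll(SOURCE_PIN), health.enroll(SOURCE_PIN)
    print("tax ssPIN:   ", t)
    print("health ssPIN:", h)
    print("joinable identifiers:", linkable(tax, health))
```
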

¶6. For federal and local government transactions, the CC is popular;
apart from e-government, there are only about 120,000 CC users (out
of a population of 8.35 million). Ledinger remarked that the
benefits of using the CC (single sign-on, better security) are not
well-known and said the GoA ought to advertise the CC more widely.

eID via Mobile Phone/SMS


¶7. A recent development in Austria is using mobile phones as eIDs.
The user must apply for a CC signature online and furnish
identification in person at a cell phone provider or post office;
afterwards, a citizen can use the CC via SMS rather than a card
reader. The GoA hopes this will attract more users.

Based on Open Source Standards


¶8. Austria's eID system uses open source "Module for Online
Application (MOA)" components, which the GoA registered in 2005
(license is available from the Apache Software Foundation) to ensure
interoperability with other eID systems. In Europe, Austria and
13 other countries are cooperating in the STORK project (Secure
idenTity across boRders linked) to establish new European-level
e-Government based on compatible national eIDs. Our interlocutors
see no problem extending eID cooperation and interoperability to the
U.S. and other non-EU countries — whether the U.S. system is in the
form of a smart-card or password-based system (as long as the U.S.
adopts the "logic" of MOA).

¶9. Ledinger said Digital Austria would be happy to meet with a U.S.
delegation to discuss the Austrian Citizen Card experience and other
e-government projects. Ledinger is the best contact for policy
issues (Roland Ledinger, phone: +43-1-53115-2745, e-mail:
roland.ledinger@bka.gv.at). For technical issues, the POC is
Herbert Leitold (phone: +43-1-316-8735521, e-mail:
Herbert.Leitold@a-sit.at).